Date:   Sat, 16 Jul 2022 17:59:02 +0800
From:   cuigaosheng <cuigaosheng1@...wei.com>
To:     Greg KH <gregkh@...uxfoundation.org>
CC:     <srinivas.kandagatla@...aro.org>, <linux-kernel@...r.kernel.org>,
        <gongruiqi1@...wei.com>, <wangweiyang2@...wei.com>
Subject: Re: [PATCH -next] nvmem: core: Fix memleak in nvmem_register()

Thanks for your time.

I have made the v2 patch, moving dev_set_name after nvmem_validate_keepouts
to fix the issue; I hope you can provide some advice.

Thanks.

On 2022/7/16 16:23, Greg KH wrote:
> On Sat, Jul 16, 2022 at 03:53:52PM +0800, Gaosheng Cui wrote:
>> dev_set_name will allocate memory for nvmem->dev.kobj.name in
>> nvmem_register. When nvmem_validate_keepouts fails, nvmem's
>> memory will be freed and the function returns, but nobody frees
>> the memory for nvmem->dev.kobj.name, so there will be a memleak.
>> Use kfree_const(nvmem->dev.kobj.name) to fix it.
>>
>> Fixes: de0534df9347 ("nvmem: core: fix error handling while validating keepout regions")
>> Signed-off-by: Gaosheng Cui <cuigaosheng1@...wei.com>
>> ---
>>   drivers/nvmem/core.c | 1 +
>>   1 file changed, 1 insertion(+)
>>
>> diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
>> index 1e3c754efd0d..6c75c9afa5f3 100644
>> --- a/drivers/nvmem/core.c
>> +++ b/drivers/nvmem/core.c
>> @@ -833,6 +833,7 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config)
>>   		rval = nvmem_validate_keepouts(nvmem);
>>   		if (rval) {
>>   			ida_free(&nvmem_ida, nvmem->id);
>> +			kfree_const(nvmem->dev.kobj.name);
>>   			kfree(nvmem);
> Something is really wrong, you should never be touching the name pointer
> of a kobject directly like this.  Also the device structure itself
> should be cleaning up the memory, not a kfree.  So this feels wrong...
>
> greg k-h
> .
